Jihadism and cryptography From internet to softwares Julie Gommes Vienna November 2015
Julie Gommes IT Security and governance consultant - - Risk analysis - 27001 audits - Risk management Lived/worked in Egypt, Syria, Soudan, Liban, Tunia … - Researching on jihadist networks from years - Find me there : - Jujusete on IRC (freenode, geeknode, europnet …) @JujuSete on Twitter https://fr.linkedin.com/in/juliegommes
Previous talks and trainings How NGOs can encrypt their communication - Ritimo - Paris, Sept. 15 Social networks, practices and issues for NGOs - Ritimo - Paris, may 15 Free softwares, alternatives to Skype, google, Dropbox and others Ritimo - Paris, may 2015 Information Security for journalists HITBSecConf – Amsterdam, may 14 / DefCamp – Bucarest, oct. 14 / MRMCD – Darmstadt, sept. 14 / PSES – Paris, june 14 / NDH (Workshop) – Paris, june 14 Free software and (h)activism - Ritimo – feb. 2014 Social engineering for journalists NDH – Paris, june 13 / Ubuntu party – Paris, may 13
Today ? First part : starting point of the study terms and definitions developpment of websites in french language developpment of twitter acounts Second part : Let’s talk about Crypto From Moudjahdin Secret until today New tools, focused on smartphones After Paris, what about now ? Third part : crypto tools (maybe) Not westerns When crypto need religios validating Econocom P. 4 Nov. 2015
Starting point Terms et Jihad Cryptojihad définitions Terrorism Wikiterrorism
Starting point Terms and definitions 1/3 Jihad Econocom P. 6 Nov. 2015
Starting point Terms et definitions 2/3 Cryptodjihad Using encryption / cryptography in order to perform jihad. Terrorism (not used here) Using fear to put political, religious, idéological presure. So many definitions (109 different according to Wikipedia) they vary on: the use of violence, the technics used, the nature of the subject, the level of organization, etc. In many definitions also involved the criterion of the number of victims. Econocom P. 7 Nov. 2015
Starting point Terms and definitions 3/3 Wikiterrorism Term created by the geopolitical researcher Marc Hecker, working on terrorism and social networks at IFRI. (wich is include in The Three Ages of terrorism) Using/creation of decentralized networks (online, humans, etc.), based on communication and where everyone contributes. This helps to cover their tracks while extending an "ideal" but the other side is that those contributions are very inqual. Econocom P. 8 Nov. 2015
Starting point Evolution Number of websites in french languages vs international Number of twitter account and what does that mean
Starting point Evolution of pro-jihad websites 25000 + + 20000 15000 an 1997 An 2005 10000 An 2015 5000 28 0 Sites Inter Sites Fr Sources : http://www.lemonde.fr/proche-orient/article/2015/06/01/l-etat-islamique-compte-2-8-millions-de- francophones-sur-twitter_4645047_3218.html http://www.lefigaro.fr/actualite-france/2008/11/07/01016-20081107ARTFIG00006-l-inquietante-propagande- islamiste-sur-internet-.php Econocom P. 10 Nov. 2015
Starting point Sites and forums in french language Ansar Al Haqq, most famous forum (from december 2006) From 2006 to 2011, 50.000 messages 2010 Some members and the admin where arrested Assabyle => ribaat.org Le jardin des croyantes (Only for women) Nida Al Tawhid Most famous plateforms are the one wich are supported by ground organizations Econocom P. 11 Nov. 2015
Starting point Solid tools for communication Al Farg Media Center and Global Islamic Media Forum (GIMF) Econocom P. 12 Nov. 2015
Starting point Tools I used • NodeXL • GEPHI Datas • Twitwheel (en 2014) • GEPHI Mapping • Brandstweet • Tweetstats Analysis Econocom P. 13 Nov. 2015
Starting point Evolution of twitter accounts 1/2 September and décember 2014, 46 000 and 90 000 Twitter accounts were used to broadcast ISIS propaganda First geolocalisation is Saoudi Arabia , before Syria, Iraq, USA, Egypt and Koweït Arabic is the most used language bi pro-jihad accounts on Twitter ( 73 % ), before english (18 %) and french (6 %) Every accound is folled by a thousand account Sources : brookings.edu Econocom P. 14 Nov. 2015
Starting point Evolution of twitter accounts 2/2 From mars 2015, « Anonymous » publish on @CtrlSec0 account a list of pro- ISIS accounts They’ve annonced 9200 accounts but new messages are already published I used those accounts to renew my study Econocom P. 15 Nov. 2015
Let’s talk about From Moudjahdin secret until today encryption More and more smartphone tools After Paris, what about now ?
Let’s encrypt Once upon a time… Source : https://theintercept.com/2015/11/15/exploiting-emotions-about-paris-to-blame-snowden-distract-from- actual-culprits-who-empowered-isis/ Econocom P. 17 Nov. 2015
Let’s encrypt From M. Secret to today 11/13 – .onion webpages Twofish 12/13 09/13 07/14 2000 2007 02/13 Plateform M.Secret Email Sources : études du Middle East Media Research Institute (MEMRI), http://www.lefigaro.fr/international/2007/07/06/01003-20070706ARTFIG90133- secrets_de_moudjahidins_le_programme_de_cryptage_des_terroristes.php Econocom P. 18 Nov. 2015
Let’s encrypt More and more smartphone tools Some people does not have Internet at home in some countries Easyer for instant messaging Wikiterrorism => more and more people, younger … (as WhatsApp users in Belgium a few mounths ago) Zapping culture New security risks for jihadists : geolocalisation Loack of control Econocom P. 19 Nov. 2015
Let’s encrypt After Paris, What about now? Telegram: (10 bilion messages daily) They could still establish private connections, Telegram admitted that it is not able to block communications that happen in private groups, which can include up to 200 users. “ All Telegram chats and group chats are private amongst their participants,” Telegram’s spokesperson wrote. “We do not process any requests related to them.” (Telegram co-founder - Pavel Durov) (securityaffairs.co, yesterday) Econocom P. 20 Nov. 2015
After Paris, What about now? Econocom P. 21 Nov. 2015
Tools Tools means identity (maybe) not western tools Home made tools validated by « god »
One tool = one group Groups definitions by tools they’re using Anti Proof Crazy American certified religious Tools validated Western tools Kown tools for by the forbiden security « prayers » (not so) Paranoid « home made » tools Econocom P. 23 Nov. 2015
one tool = one group Dévôts Outils « validés » Source : http://alfajrtaqni.net/amm.html Econocom P. 24 Nov. 2015
One tool = one group "Cryptography is changing, time passes Crazy and we must apply the changes in religious technology in this area with the Validate command of Allah and the Sunnah of tools the Messenger of Allah peace be upon him" Econocom P. 25 Nov. 2015
Un outil = un groupe Proof « Proof certified » certified Known tools Using TOR, Pigdin, Cryptocat, Wickr, and Telegram encrypted chat tools, Paranoid ProtonMail , RedPhone … Want to be protected of international interligence services ISIS support Tails using on his forums AQAP created a guide about its well using Ansar-el-Dardashah, Ansar Al Ghurrabaa Econocom P. 26 Nov. 2015
Un outil = un groupe Anti Des outils (presque) pas Occidentaux Américan Westren tools forbiden « home made » tools (not so) home Twofish algorithm is in (close) every new made tools program since 2013 They comunicate a lot Creating this tools means having a technical hight level they don’t have Amn Al Mujahid par Al-Fajr Technical Committee, Tashfeer Al Jawal Econocom P. 27 Nov. 2015
Conclusion Communication: rom a target to a decentralized network • Encryption is not used just since a few days • Increase in technical skills (creation of tools and piracy) and • new recruits who are not on ground A different feeling according to cryptography and existing • tools, creating the same separation as on the ground
Questions ? Econocom P. 29 Nov. 2015
Econocom
Recommend
More recommend
